public void ConfigureAuth(IAppBuilder app)
{
var cookieOption = new CookieAuthenticationOptions
{
AuthenticationType = "Federation",
Provider = new CookieAuthenticationProvider
{
OnApplyRedirect = c =>
{
},
OnException = e =>
{
},
OnResponseSignedIn = c =>
{
},
OnResponseSignIn = c =>
{
},
OnResponseSignOut = c =>
{
},
OnValidateIdentity = c =>
{
return(Task.CompletedTask);
}
},
};
app.UseCookieAuthentication(cookieOption);
//app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
//OAuth2 bearer token middleware
var resolver = ApplicationConfiguration.Instance.DependencyResolver;
var optionProvider = resolver.Resolve <IAuthorizationServerOptionsProvider <OAuthAuthorizationServerOptions> >();
var options = optionProvider.GetOptions();
options.AccessTokenFormat = new JSonDataFormat();
Startup.OAuthOptions = options;
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
//SSOAuthenticationExtensions.UseSaml2SSOAuthentication(app, assertionEndpoints: "/api/Account/SSOLogon")
SSOAuthenticationExtensions.UseSaml2SSOAuthentication(app);
SSOAuthenticationExtensions.UseMetadataMiddleware(app, "/sp/metadata", MetadataType.SP, resolver);
SSOAuthenticationExtensions.RegisterDiscoveryService(app, resolver);
SSOAuthenticationExtensions.RegisterLogger(app, resolver);
SLOAuthenticationExtensions.UseSaml2SLOAuthentication(app);
//SLOAuthenticationExtensions.RegisterLogger(app,resolver);
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context and user manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext <ApplicationUserManager>(ApplicationUserManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Configure the application for OAuth based flow
PublicClientId = "self";
var resolver = ApplicationConfiguration.Instance.DependencyResolver;
var optionProvider = resolver.Resolve <IAuthorizationServerOptionsProvider <OAuthAuthorizationServerOptions> >();
OAuthOptions = optionProvider.GetOptions();
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
//Shibboleth middleware, test metadata
SSOAuthenticationExtensions.UseShibbolethAuthentication(app, "testShib");
//Shibboleth middleware, localhost metadata metadata
//SSOAuthenticationExtensions.UseShibbolethAuthentication(app, "imperial.ac.uk");
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
//{
// ClientId = "",
// ClientSecret = ""
//});
}
public void Configuration(IAppBuilder app)
{
var resolver = ApplicationConfiguration.Instance.DependencyResolver;
SSOAuthenticationExtensions.UseMetadataMiddleware(app, "/idp/metadata", MetadataType.Idp, resolver);
SSOAuthenticationExtensions.RegisterDiscoveryService(app, resolver);
var optionProvider = resolver.Resolve <IAuthorizationServerOptionsProvider <OAuthAuthorizationServerOptions> >();
var OAuthOptions = optionProvider.GetOptions();
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
app.Map(new PathString("/api/sso/signon"), a =>
{
a.Run(async c =>
{
var ticket = await c.Authentication.AuthenticateAsync("Bearer");
if (ticket == null || !ticket.Identity.IsAuthenticated)
{
c.Response.StatusCode = 403;
return;
}
var state = c.Request.Query.Get("state");
var outboudContext = new HttpPostResponseOutboundContext(new SAMLForm())
{
BindingContext = new BindingContext(new Dictionary <string, object>(), new Uri("http://localhost:60879/api/Account/SSOLogon"))
};
outboudContext.DespatchDelegate = async form =>
{
await c.Response.WriteAsync(form.ToString());
//return Task.CompletedTask;
};
var protocolFactory = resolver.Resolve <Func <string, IProtocolHandler> >();
var protocolHanlder = protocolFactory(Bindings.Http_Post);
await protocolHanlder.HandleOutbound(new SamlProtocolContext {
RequestContext = outboudContext
});
});
});
//owin middleware mock to parse auth request get the sp metadata and verrify the signarure
//to be implementaed as OWIN middleware with handler and protocol handler.
app.Map(new PathString("/sso/login"), a =>
{
a.Run(async c =>
{
var elements = c.Request.Query;
var queryStringRaw = c.Request.QueryString.Value;
var decoder = resolver.Resolve <IBindingDecoder <Uri> >();
var message = await decoder.Decode(c.Request.Uri);
var form = elements.ToDictionary(k => k.Key, v => v.Value.First());
var state = form[HttpRedirectBindingConstants.RelayState];
var context = new HttpRedirectInboundContext
{
Message = message,
HanlerAction = () =>
{
//var id = Guid.NewGuid();
var urlBase = c.Request.Uri.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped);
c.Response.Redirect(String.Format("https://localhost:44342/client?returnUrl={0}{1}&state={2}", urlBase, "/api/sso/signon", state));
},
DescriptorResolver = m =>
{
var factory = resolver.Resolve <Func <Type, IMetadataHandler> >();
var metadataType = m.GetType();
var handlerType = typeof(IMetadataHandler <>).MakeGenericType(metadataType);
var handler = factory(handlerType);
if (handler == null)
{
throw new InvalidOperationException(String.Format("Handler must implement: {0}", typeof(IMetadataHandler).Name));
}
return(handler.GetServiceProviderSingleSignOnDescriptor(m)
.Single()
.Roles.Single());
}
};
//await parser.Parse(context);
var protocolFactory = resolver.Resolve <Func <string, IProtocolHandler> >();
var protocolHanlder = protocolFactory(Bindings.Http_Redirect);
await protocolHanlder.HandleInbound(new SamlProtocolContext {
ResponseContext = context
});
});
});
}
